EIP-2026-110405

PRE-CVE

osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110405. PoCs published by GulfTech Security.

AI-analyzed exploit summary This is a writeup detailing multiple vulnerabilities in osTicket, including XSS, SQL injection, directory traversal, and HTML injection. It provides example URLs demonstrating these vulnerabilities but does not include executable exploit code.

Description

osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/25590

View Code ZIP pw:eip

This is a writeup detailing multiple vulnerabilities in osTicket, including XSS, SQL injection, directory traversal, and HTML injection. It provides example URLs demonstrating these vulnerabilities but does not include executable exploit code.

Classification

Writeup 90%

Attack Type

Xss | Sqli | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: osTicket (version not specified)

No auth needed

Prerequisites: Access to the target application · File upload feature enabled for directory traversal

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026